Google Project Zero uncovered a new ASLR bypass technique targeting Apple devices by exploiting serialization behaviors in NSKeyedArchiver and NSKeyedUnarchiver. This method allows attackers to deduce memory addresses without traditional vulnerabilities, highlighting new risks in serialization handling. #Apple #ASLRbypass
Key points
- Researchers revealed a novel way to bypass ASLR on Apple devices via serialization flaws.
- The attack leverages deterministic behaviors in NSKeyedArchiver and NSKeyedUnarchiver to leak pointer addresses.
- By exploiting NSNull’s fixed memory location, attackers can reconstruct memory addresses precisely.
- Although no active exploits are known in the wild, the proof-of-concept demonstrates significant potential risk.
- Apple recommends avoiding raw memory addresses in hashing and implementing strict deserialization controls as mitigations.
Read More: https://thecyberexpress.com/project-zero-exposes-aslr-bypass/